Difference between revisions of "FROC2010 Abstract Nickerson"

m(Created page with '==The Presentation: "Pwning the Developer"== Had enough SQLi,CSRF,XSS, and other code talk today? There is an EASIER and FASTER way. Throw away the fuzzers, drop the massive too…')

Revision as of 17:50, 7 May 2010

The Presentation: "YOU are the WEAKEST link"

Had enough SQLi, CSRF, XSS, and other code talk today? There is an EASIER
and FASTER way. Throw away the fuzzers, drop the massive toolset and hours
of beating your head against the wall. Ignore the scanners and let your
whitehat/greyhat methodology have a rest. In this talk, we will talk about
the path of least resistance, the people. Do you REALLY think that
attackers are gonna send a TON of traffic at your app and fuzz it all day
long? NOPE! They are gonna go after the source. Not the source code, the
DEVELOPERS. We will go through how to profile developers, track them, and
find out what REALLY goes on behind the curtain.

The Speaker: Chris Nickerson

Chris Nickerson is a Certified Information Systems Security Professional
(CISSP) whose main area of expertise is focused on Red Team Testing and
Social Engineering. In order to help companies better defend and protect
their critical data and key information systems, he has created a blended
methodology to assess, implement, and manage information security
realistically and effectively. As CEO of Lares, Chris leads a team of
security consultants who conduct Security Risk Assessments, Social
Engineering, Red Team Testing, Penetration Testing, Application Testing
and regulatory compliance. He is a co-host of the Exotic Liability Podcast
and a featured member of TruTV's Tiger Team show.